There are many different network devices and security applications/products (collectively referred to herein as network security elements) available from different vendors that perform various security operations such as vulnerability assessment, policy enforcement, etc. In order for network security elements to perform their operations, the elements need to obtain security information/data from one or more other sources (e.g., network devices, applications, services, servers, mobile devices, etc.). Network security elements generally gather the security information from different sources using a variety of different protocols and methods, and there is no mechanism that enables consistent use of security data. Without the consistent use of security data, most networks are made less secure at deployment and during operation. Also, most users of network security information today do not leverage the data properly due to the difficulties in accessing and sharing the security information.
Different types of security information may be produced or used by different network security elements. Security information may include, but is not limited to: raw security events, network flow information, identity information, security configuration information, security intelligence information, reputation information, correlated security analysis, and security reports. Security information may also include: indexes of information, policy, configuration settings, topology (physical, layer 2, and/or layer 3), network flow information, deep packet inspection of data and control plan traffic, control plane events, content security events, policy (e.g., network, control, endpoint), posture assessment information, compliance rules and assessment, profiling assessment information, statistical counts and analysis of the statistics on traffic patterns, etc.